61 matches found
EUVD-2017-9358
Malware in sbrugna...
EUVD-2012-3480
Malware in sbrugna...
EUVD-2017-9357
Malware in sbrugna...
EUVD-2015-2172
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-18226
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2015-2059
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The stringpreputf8toucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other...
RHEL 7 : libidn (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libidn2: Integer overflow in punydecode.c/decodedigit CVE-2017-14062 - The stringpreputf8toucs4 function ...
SUSE CVE-2011-1755
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...
SUSE CVE-2012-3525
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a 1 Verify Response or 2 Authorization Response...
SUSE CVE-2015-2059
The stringpreputf8toucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read...
EulerOS Virtualization 3.0.1.0 : libidn (EulerOS-SA-2019-1454)
According to the version of the libidn package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The stringpreputf8toucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory...
Gentoo net-im/jabberd2 package local elevation of privilege vulnerability
The Gentoo net-im/jabberd2 package is an XMPP Extensible Message Processing Field Protocol package from the Gentoo Foundation. A security vulnerability in the Gentoo net-im/jabberd2 package version 2.6.1 and earlier stems from a program that installs jabberd, jabberd2-c2s, jabberd2-router,...
Code injection
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one o...
CVE-2017-18226
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM cat...
CVE-2017-18226
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM cat...
Command injection
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM cat...
CVE-2017-18226
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM cat...
CVE-2017-18225
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one o...
DEBIAN-CVE-2017-18226
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM cat...
CVE-2017-18225
CVE-2017-18225 affects Gentoo net-im/jabberd2 up to version 2.6.1; the package installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account. A local attacker could escalate privileges by exploiting access to this account while root execute...